Hi Team,

Recently we have seen an uptick in a phishing campaign which targets user's by using old email conversations as thread and includes a link to download malicious file. The link which is present in the email body is not having any prefix (https/http/www) due to which it is not recognized as a URL by MS and not being re-written (attaching screenshot for reference). 

Is there any rule/condition/setting that can be used to detect & block such URLs/emails?